NetSupport Manager Client Spoofing Remote Authentication Bypass

Critical Nessus Plugin ID 26071


The remote Windows host has a program that is prone to an authentication bypass attack.


NetSupport Manager (NSM), a multi-platform remote control application, is installed on the remote host.

According to its version, the NetSupport Manager client component on the remote host does not properly handle authentication sessions. A remote attacker may be able to leverage this issue to pose as the NetSupport Manager, associate to the NSM client, and gain complete control of the affected system.


Upgrade to NetSupport Manager version 10.20.0004 or later.

See Also

Plugin Details

Severity: Critical

ID: 26071

File Name: nsm_client_auth_bypass.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2007/09/24

Modified: 2016/05/11

Dependencies: 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5057

BID: 25761

OSVDB: 40587

CWE: 287